commit e38884dacfaeecf77de5d7e81a97067726fe7cc0 Author: Paladox Date: Wed Oct 25 12:17:43 2017 +0100 Gerrit: Convert its base templates to soy (closure template) This fixes a security issue described in T140366 This change can be merged once we upgrade to 2.14. and deploy change https://gerrit-review.googlesource.com/#/c/plugins/its-base/+/108215/ Bug: T140366 Change-Id: I48eb3f1b60a0cfb4b6f9b611059c495710f8f173 diff --git a/modules/gerrit/files/etc/its/actions.config b/modules/gerrit/files/etc/its/actions.config index c9ad7b1f24..006d3247ac 100644 --- a/modules/gerrit/files/etc/its/actions.config +++ b/modules/gerrit/files/etc/its/actions.config @@ -10,18 +10,18 @@ status = !,DRAFT is-draft = !,true association = subject,footer-Bug,footer-bug - action = add-velocity-comment PatchSetMerged + action = add-soy-comment PatchSetMerged [rule "patchSetCreated"] event-type = patchset-created status = !,DRAFT is-draft = !,true association = added@subject,added@footer-Bug,added@footer-bug - action = add-velocity-comment PatchSetCreated + action = add-soy-comment PatchSetCreated action = add-project Patch-For-Review [rule "changeDraftPublished"] event-type = draft-published association = added@subject,added@footer-Bug,added@footer-bug - action = add-velocity-comment DraftPublished + action = add-soy-comment DraftPublished action = add-project Patch-For-Review diff --git a/modules/gerrit/files/etc/its/templates/DraftPublished.soy b/modules/gerrit/files/etc/its/templates/DraftPublished.soy new file mode 100644 index 0000000000..03f898dfc1 --- /dev/null +++ b/modules/gerrit/files/etc/its/templates/DraftPublished.soy 
@@ -0,0 +1,38 @@
+/**
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+{namespace etc.its.templates}
+
+/**
+ * The .DraftPublished template will determine the contents the published comment
+ * line for all related published comments
+ * @param branch
+ * @param project
+ * @param subject
+ * @param changeNumber
+ * @param authorName
+ * @param authorUsername
+ * @param formatChangeUrl
+ *
+ */
+{template .DraftPublished autoescape="strict" kind="text"}
+
+ Change {$changeNumber} had a related patch set (by {$authorName ? $authorName : $authorUsername}) published:{\n}
+ [{$project}@{$branch}] {$subject|escapeUri}{\n}{\n}
+
+ {$formatChangeUrl}
+{/template}
+
diff --git a/modules/gerrit/files/etc/its/templates/PatchSetCreated.soy b/modules/gerrit/files/etc/its/templates/PatchSetCreated.soy
new file mode 100644
index 0000000000..0c22c9ae9f
--- /dev/null
+++ b/modules/gerrit/files/etc/its/templates/PatchSetCreated.soy
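Review bot: `{$subject|escapeUri}` percent-encodes the whole commit subject, so the posted comment will carry `%20`-style text instead of the subject, while `$project`, `$branch` and the author name on the line above are printed as-is. In a `kind="text"` template, `autoescape="strict"` should have no markup context to escape for, so the hand-written directive is the only encoding applied, and URI encoding does not fit a comment body. If the issue in T140366 is user-controlled text being interpreted as markup by the tracker (not visible from this diff), every user-controlled field needs the same neutralisation in the tracker's own syntax; otherwise print `{$subject}` plainly and say in the doc comment why no escaping is needed. The same line appears in PatchSetCreated.soy and PatchSetMerged.soy.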
@@ -0,0 +1,40 @@
+/**
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+{namespace etc.its.templates}
+
+/**
+ * The .PatchSetCreated template will determine the contents of the email subject
+ * line for ALL emails related to changes.
+ * @param branch
+ * @param project
+ * @param subject
+ * @param changeNumber
+ * @param authorName
+ * @param authorUsername
+ * @param uploaderName
+ * @param uploaderUsername
+ * @param formatChangeUrl
+ *
+ */
+{template .PatchSetCreated autoescape="strict" kind="text"}
+
+ Change {$changeNumber} had a related patch set uploaded (by {$uploaderName ? $uploaderName : $uploaderUsername}; owner: {$authorName ? $authorName : $authorUsername}):{\n}
+ [{$project}@{$branch}] {$subject|escapeUri}{\n}{\n}
+
+ {$formatChangeUrl}
+{/template}
+
diff --git a/modules/gerrit/files/etc/its/templates/PatchSetMerged.soy b/modules/gerrit/files/etc/its/templates/PatchSetMerged.soy
new file mode 100644
index 0000000000..5747c9bc01
--- /dev/null
+++ b/modules/gerrit/files/etc/its/templates/PatchSetMerged.soy
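Review bot: The doc comment on `.PatchSetCreated` describes an e-mail subject line, but the body is the text that the `add-soy-comment PatchSetCreated` action in actions.config presumably posts as a tracker comment; the sentence looks copied from a mail template. Suggest `The .PatchSetCreated template renders the comment added to the linked task when a patch set is uploaded.` PatchSetMerged.soy carries the same copied sentence and needs the matching correction. DraftPublished.soy's comment is missing "of" in "the contents the published comment".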
@@ -0,0 +1,37 @@
+/**
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+{namespace etc.its.templates}
+
+/**
+ * The .PatchSetMerged template will determine the contents of the email subject
+ * line for ALL emails related to changes.
+ * @param changeNumber
+ * @param submitterName
+ * @param submitterUsername
+ * @param project
+ * @param branch
+ * @param subject
+ * @param formatChangeUrl
+ *
+ */
+{template .PatchSetMerged autoescape="strict" kind="text"}
+ Change {$changeNumber} merged by {$submitterName ? $submitterName : $submitterUsername}:{\n}
+ [{$project}@{$branch}] {$subject|escapeUri}{\n}{\n}
+
+ {$formatChangeUrl}
+{/template}
+
diff --git a/modules/gerrit/files/etc/its/templates/patch.patch b/modules/gerrit/files/etc/its/templates/patch.patch
new file mode 100644
index 0000000000..56fe6e978f
--- /dev/null
+++ b/modules/gerrit/files/etc/its/templates/patch.patch
@@ -0,0 +1,133 @@ +diff --git a/modules/gerrit/files/etc/its/templates/DraftPublished.soy b/modules/gerrit/files/etc/its/templates/DraftPublished.soy +new file mode 100644 +index 0000000000..03f898dfc1 +--- /dev/null ++++ b/modules/gerrit/files/etc/its/templates/DraftPublished.soy +@@ -0,0 +1,38 @@ ++/** ++ * Copyright (C) 2017 The Android Open Source Project ++ * ++ * Licensed under the Apache License, Version 2.0 (the "License"); ++ * you may not use this file except in compliance with the License. ++ * You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ */ ++ ++{namespace etc.its.templates} ++ ++/** ++ * The .DraftPublished template will determine the contents the published comment ++ * line for all related published comments ++ * @param branch ++ * @param project ++ * @param subject ++ * @param changeNumber ++ * @param authorName ++ * @param authorUsername ++ * @param formatChangeUrl ++ * ++ */ ++{template .DraftPublished autoescape="strict" kind="text"} ++ ++ Change {$changeNumber} had a related patch set (by {$authorName ? 
$authorName : $authorUsername}) published:{\n} ++ [{$project}@{$branch}] {$subject|escapeUri}{\n}{\n} ++ ++ {$formatChangeUrl} ++{/template} ++ +diff --git a/modules/gerrit/files/etc/its/templates/PatchSetCreated.soy b/modules/gerrit/files/etc/its/templates/PatchSetCreated.soy +new file mode 100644 +index 0000000000..0c22c9ae9f +--- /dev/null ++++ b/modules/gerrit/files/etc/its/templates/PatchSetCreated.soy +@@ -0,0 +1,40 @@ ++/** ++ * Copyright (C) 2017 The Android Open Source Project ++ * ++ * Licensed under the Apache License, Version 2.0 (the "License"); ++ * you may not use this file except in compliance with the License. ++ * You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ */ ++ ++{namespace etc.its.templates} ++ ++/** ++ * The .PatchSetCreated template will determine the contents of the email subject ++ * line for ALL emails related to changes. ++ * @param branch ++ * @param project ++ * @param subject ++ * @param changeNumber ++ * @param authorName ++ * @param authorUsername ++ * @param uploaderName ++ * @param uploaderUsername ++ * @param formatChangeUrl ++ * ++ */ ++{template .PatchSetCreated autoescape="strict" kind="text"} ++ ++ Change {$changeNumber} had a related patch set uploaded (by {$uploaderName ? $uploaderName : $uploaderUsername}; owner: {$authorName ? 
$authorName : $authorUsername}):{\n} ++ [{$project}@{$branch}] {$subject|escapeUri}{\n}{\n} ++ ++ {$formatChangeUrl} ++{/template} ++ +diff --git a/modules/gerrit/files/etc/its/templates/PatchSetMerged.soy b/modules/gerrit/files/etc/its/templates/PatchSetMerged.soy +new file mode 100644 +index 0000000000..5747c9bc01 +--- /dev/null ++++ b/modules/gerrit/files/etc/its/templates/PatchSetMerged.soy +@@ -0,0 +1,37 @@ ++/** ++ * Copyright (C) 2017 The Android Open Source Project ++ * ++ * Licensed under the Apache License, Version 2.0 (the "License"); ++ * you may not use this file except in compliance with the License. ++ * You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ */ ++ ++{namespace etc.its.templates} ++ ++/** ++ * The .PatchSetMerged template will determine the contents of the email subject ++ * line for ALL emails related to changes. ++ * @param changeNumber ++ * @param submitterName ++ * @param submitterUsername ++ * @param project ++ * @param branch ++ * @param subject ++ * @param formatChangeUrl ++ * ++ */ ++{template .PatchSetMerged autoescape="strict" kind="text"} ++ Change {$changeNumber} merged by {$submitterName ? $submitterName : $submitterUsername}:{\n} ++ [{$project}@{$branch}] {$subject|escapeUri}{\n}{\n} ++ ++ {$formatChangeUrl} ++{/template} ++
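Review bot: `patch.patch` looks like a stray artefact rather than part of the fix: its 133 lines are the diff of the three `.soy` files added by this same commit, and nothing in the actions.config hunk refers to it. Committed under `etc/its/templates/` it would presumably be deployed next to the real templates, where a later edit to a `.soy` file would leave it silently out of date. I would drop the file from this change so the security fix carries only the templates and the action rename.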